General
Target: 7efd88b728d661a7ea183093cb30e3e6614b8bbd38567177c89e13ba578eb0e0
Size: 751KB
Sample: 240612-cj62qaydmf
MD5: e9ce352553387ce91a58d056fa8e79d9
SHA1: 2cbb925f10b7b02b0d3500b4e6c6891a05542ae8
SHA256: 7efd88b728d661a7ea183093cb30e3e6614b8bbd38567177c89e13ba578eb0e0
SHA512: 370d7be156f8abd4307e06bdddeef0489c091228d46a2867ecf29095635b7c9a160a0cbc9f9234745fb8db8869a2f72ec28a15f087557bc016e19ee23633b151
SSDEEP: 12288:WsscUr/0LBnPVet1P5wwzmfyiapFcdWopHu3MK/NaTWydDtmACR5leZlNp:9oL4nPVefCfyiapFcdWo4cDZRmA+erD
Static task: static1
Behavioral task: behavioral1
Sample: 7efd88b728d661a7ea183093cb30e3e6614b8bbd38567177c89e13ba578eb0e0.exe
Resource: win7-20240508-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.commtechtrading.com
Port: 587
Username: [email protected]
Password: P@QpV}4}V?gH
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.commtechtrading.com
Port: 587
Username: [email protected]
Password: P@QpV}4}V?gH
Targets

Target: 7efd88b728d661a7ea183093cb30e3e6614b8bbd38567177c89e13ba578eb0e0
Size: 751KB
MD5: e9ce352553387ce91a58d056fa8e79d9
SHA1: 2cbb925f10b7b02b0d3500b4e6c6891a05542ae8
SHA256: 7efd88b728d661a7ea183093cb30e3e6614b8bbd38567177c89e13ba578eb0e0
SHA512: 370d7be156f8abd4307e06bdddeef0489c091228d46a2867ecf29095635b7c9a160a0cbc9f9234745fb8db8869a2f72ec28a15f087557bc016e19ee23633b151
SSDEEP: 12288:WsscUr/0LBnPVet1P5wwzmfyiapFcdWopHu3MK/NaTWydDtmACR5leZlNp:9oL4nPVefCfyiapFcdWo4cDZRmA+erD
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Suspicious use of SetThreadContext